#50703 Ticket 48707 - ldapssotoken for authentication
Closed a year ago by spichugi. Opened 2 years ago by firstyear.
firstyear/389-ds-base 48707-ldap-token-impl-rs  into  master

file modified
+35 -4
@@ -226,7 +226,7 @@ 

  	$(POLICY_FC)

  

  if RUST_ENABLE

- BUILT_SOURCES += rust-slapi-private.h

+ BUILT_SOURCES += rust-slapi-private.h rust-nsslapd-private.h

  endif

  

  if enable_posix_winsync
@@ -1214,7 +1214,7 @@ 

  

  if RUST_ENABLE

  

- noinst_LTLIBRARIES = librsds.la librslapd.la

+ noinst_LTLIBRARIES = librsds.la librslapd.la librnsslapd.la

  

  ### Why does this exist?

  #
@@ -1262,8 +1262,29 @@ 

  # The header needs the lib build first.

  rust-slapi-private.h: @abs_top_builddir@/rs/@rust_target_dir@/librslapd.a

  

+ # Build rust ns-slapd components as a library.

+ RNSSLAPD_LIB = @abs_top_builddir@/rs/@rust_target_dir@/librnsslapd.a

+ 

+ librnsslapd_la_SOURCES = \

+ 	src/librnsslapd/Cargo.toml \

+ 	src/librnsslapd/build.rs \

+ 	src/librnsslapd/src/lib.rs

+ 

+ librnsslapd_la_EXTRA = src/librnsslapd/Cargo.lock

+ 

+ @abs_top_builddir@/rs/@rust_target_dir@/librnsslapd.a: $(librnsslapd_la_SOURCES)

+ 	RUST_BACKTRACE=1 RUSTC_BOOTSTRAP=1 \

+ 	CARGO_TARGET_DIR=$(abs_top_builddir)/rs \

+ 	SLAPD_HEADER_DIR=$(abs_top_builddir)/ \

+ 		cargo rustc $(RUST_OFFLINE) --manifest-path=$(srcdir)/src/librnsslapd/Cargo.toml \

+ 		$(CARGO_FLAGS) --verbose -- $(RUSTC_FLAGS)

+ 

+ # The header needs the lib build first.

+ rust-nsslapd-private.h: @abs_top_builddir@/rs/@rust_target_dir@/librnsslapd.a

+ 

  EXTRA_DIST = $(librsds_la_SOURCES) $(librsds_la_EXTRA) \

- 			$(librslapd_la_SOURCES) $(librslapd_la_EXTRA)

+ 			$(librslapd_la_SOURCES) $(librslapd_la_EXTRA) \

+ 			$(librnsslapd_la_SOURCES) $(librnsslapd_la_EXTRA)

  

  ## Run rust tests

  # cargo does not support offline tests :(
@@ -1277,6 +1298,10 @@ 

  	CARGO_TARGET_DIR=$(abs_top_builddir)/rs \

  	SLAPD_HEADER_DIR=$(abs_top_builddir)/ \

  		cargo test $(RUST_OFFLINE) --manifest-path=$(srcdir)/src/librslapd/Cargo.toml

+ 	RUST_BACKTRACE=1 RUSTC_BOOTSTRAP=1 \

+ 	CARGO_TARGET_DIR=$(abs_top_builddir)/rs \

+ 	SLAPD_HEADER_DIR=$(abs_top_builddir)/ \

+ 		cargo test $(RUST_OFFLINE) --manifest-path=$(srcdir)/src/librnsslapd/Cargo.toml

  endif

  

  else
@@ -1439,12 +1464,13 @@ 

  

  libslapd_la_CPPFLAGS = $(AM_CPPFLAGS) $(DSPLUGIN_CPPFLAGS) $(SASL_CFLAGS) @db_inc@ $(KERBEROS_CFLAGS) $(PCRE_CFLAGS) $(SDS_CPPFLAGS) $(SVRCORE_INCLUDES)

  libslapd_la_LIBADD = $(LDAPSDK_LINK) $(SASL_LINK) $(NSS_LINK) $(NSPR_LINK) $(KERBEROS_LIBS) $(PCRE_LIBS) $(THREADLIB) $(SYSTEMD_LIBS) libsds.la libsvrcore.la

+ libslapd_la_LDFLAGS = $(AM_LDFLAGS) $(SLAPD_LDFLAGS)

  

  if RUST_ENABLE

  libslapd_la_LIBADD += $(RSLAPD_LIB)

+ libslapd_la_LDFLAGS += -lssl

  endif

  

- libslapd_la_LDFLAGS = $(AM_LDFLAGS) $(SLAPD_LDFLAGS)

  

  

  #////////////////////////////////////////////////////////////////
@@ -2152,6 +2178,9 @@ 

  ns_slapd_CPPFLAGS = $(AM_CPPFLAGS) $(DSPLUGIN_CPPFLAGS) $(SASL_CFLAGS) $(SVRCORE_INCLUDES)

  ns_slapd_LDADD = libslapd.la libldaputil.la libsvrcore.la $(LDAPSDK_LINK) $(NSS_LINK) $(LIBADD_DL) \

  	$(NSPR_LINK) $(SASL_LINK) $(LIBNSL) $(LIBSOCKET) $(THREADLIB) $(SYSTEMD_LIBS) $(EVENT_LINK)

+ if RUST_ENABLE

+ ns_slapd_LDADD += $(RNSSLAPD_LIB)

+ endif

  ns_slapd_DEPENDENCIES = libslapd.la libldaputil.la

  # We need to link ns-slapd with the C++ compiler on HP-UX since we load

  # some C++ shared libraries (such as icu).
@@ -2161,6 +2190,7 @@ 

  ns_slapd_LINK = $(LINK)

  endif

  

+ 

  #------------------------

  # pwdhash

  #------------------------
@@ -2299,6 +2329,7 @@ 

  	-e 's,@enable_ubsan\@,$(UBSAN_ON),g' \

  	-e 's,@SANITIZER\@,$(SANITIZER),g' \

  	-e 's,@enable_perl\@,@enable_perl@,g' \

+ 	-e 's,@enable_rust\@,@enable_rust@,g' \

  	-e 's,@ECHO_N\@,$(ECHO_N),g' \

  	-e 's,@ECHO_C\@,$(ECHO_C),g' \

  	-e 's,@brand\@,$(brand),g' \

file modified
+3
@@ -98,6 +98,8 @@ 

  if test "$enable_rust" = yes -o "$enable_rust_offline" = yes; then

      AC_CHECK_PROG(CARGO, [cargo], [yes], [no])

      AC_CHECK_PROG(RUSTC, [rustc], [yes], [no])

+     # Since fernet uses the openssl lib.

+     PKG_CHECK_MODULES([OPENSSL], [openssl])

  

      AS_IF([test "$CARGO" != "yes" -o "$RUSTC" != "yes"], [

        AC_MSG_FAILURE("Rust based plugins cannot be built cargo=$CARGO rustc=$RUSTC")
@@ -105,6 +107,7 @@ 

  

  

  fi

+ AC_SUBST([enable_rust])

  AM_CONDITIONAL([RUST_ENABLE],[test "$enable_rust" = yes -o "$enable_rust_offline" = yes])

  

  AC_MSG_CHECKING(for --enable-debug)

empty or binary file added
@@ -0,0 +1,240 @@ 

+ # --- BEGIN COPYRIGHT BLOCK ---

+ # Copyright (C) 2019 William Brown <william@blackhats.net.au>

+ # All rights reserved.

+ #

+ # License: GPL (version 3 or any later version).

+ # See LICENSE for details.

+ # --- END COPYRIGHT BLOCK ---

+ 

+ import ldap

+ import pytest

+ import time

+ from lib389.idm.user import nsUserAccounts, UserAccounts

+ from lib389.topologies import topology_st as topology

+ from lib389.paths import Paths

+ from lib389.utils import ds_is_older

+ from lib389._constants import *

+ from lib389.idm.directorymanager import DirectoryManager

+ from lib389.idm.account import Anonymous

+ from lib389.extended_operations import LdapSSOTokenRequest

+ 

+ default_paths = Paths()

+ 

+ pytestmark = pytest.mark.tier1

+ 

+ USER_PASSWORD = "password aouoaeu"

+ TEST_KEY = "4PXhmtKG7iCdT9C49GoBdD92x5X1tvF3eW9bHq4ND2Q="

+ 

+ @pytest.mark.skipif(not default_paths.rust_enabled or ds_is_older('1.4.2.0'), reason="Auth tokens are not available in older versions")

+ def test_ldap_auth_token_config(topology):

+     """ Test that we are able to configure the ldapssotoken backend with various types and states.

+ 

+     :id: e9b9360b-76df-40ef-9f45-b448df4c9eda

+ 

+     :setup: Standalone instance

+ 

+     :steps:

+         1. Enable the feature

+         2. Set a key manually.

+         3. Regerate a key server side.

+         4. Attempt to set invalid keys.

+         5. Disable the feature

+         6. Assert that key changes are rejected

+ 

+     :expectedresults:

+         1. Feature enables

+         2. Key is set and accepted

+         3. The key is regenerated and unique

+         4. The key is rejected

+         5. The disable functions online

+         6. The key changes are rejected

+     """

+     # Enable token

+     topology.standalone.config.set('nsslapd-enable-ldapssotoken', 'on') # enable it.

+     # Set a key

+     topology.standalone.config.set('nsslapd-ldapssotoken-secret', TEST_KEY)

+     # regen a key

+     topology.standalone.config.remove_all('nsslapd-ldapssotoken-secret')

+     k1 = topology.standalone.config.get_attr_val_utf8('nsslapd-ldapssotoken-secret')

+     assert(k1 != TEST_KEY)

+     # set an invalid key

+     with pytest.raises(ldap.UNWILLING_TO_PERFORM):

+         topology.standalone.config.set('nsslapd-ldapssotoken-secret', 'invalid key')

+     with pytest.raises(ldap.UNWILLING_TO_PERFORM):

+         topology.standalone.config.set('nsslapd-ldapssotoken-secret', '')

+     # Disable token

+     topology.standalone.config.set('nsslapd-enable-ldapssotoken', 'off') # disable it.

+     # Set a key

+     with pytest.raises(ldap.OPERATIONS_ERROR):

+         topology.standalone.config.set('nsslapd-ldapssotoken-secret', TEST_KEY)

+     # regen a key

+     with pytest.raises(ldap.OPERATIONS_ERROR):

+         topology.standalone.config.remove_all('nsslapd-ldapssotoken-secret')

+ 

+ 

+ @pytest.mark.skipif(not default_paths.rust_enabled or ds_is_older('1.4.2.0'), reason="Auth tokens are not available in older versions")

+ def test_ldap_auth_token_nsuser(topology):

+     """

+     Test that we can generate and authenticate with authentication tokens

+     for users in the directory, as well as security properties around these

+     tokens.

+ 

+     :id: 65335341-c85b-457d-ac7d-c4079ac90a60

+ 

+     :setup: Standalone instance

+ 

+     :steps:

+         1. Create an account

+         2. Generate a token for the account

+         3. Authenticate with the token

+         4. Assert that a token can not be issued from a token-authed account

+         5. Regenerate the server key

+         6. Assert the token no longer authenticates

+ 

+     :expectedresults:

+         1. Account is created

+         2. Token is generated

+         3. Token authenticates

+         4. Token is NOT issued

+         5. The key is regenerated

+         6. The token fails to bind.

+     """

+     topology.standalone.enable_tls()

+     topology.standalone.config.set('nsslapd-enable-ldapssotoken', 'on') # enable it.

+     nsusers = nsUserAccounts(topology.standalone, DEFAULT_SUFFIX)

+     # Create a user as dm.

+     user = nsusers.create(properties={

+         'uid': 'test_nsuser',

+         'cn': 'test_nsuser',

+         'displayName': 'testNsuser',

+         'legalName': 'testNsuser',

+         'uidNumber': '1001',

+         'gidNumber': '1001',

+         'homeDirectory': '/home/testnsuser',

+         'userPassword': USER_PASSWORD,

+     })

+     # Create a new con and bind as the user.

+     user_conn = user.bind(USER_PASSWORD)

+     user_account = nsUserAccounts(user_conn, DEFAULT_SUFFIX).get('test_nsuser')

+     # From the user_conn do an extop_s for the token

+     token = user_account.request_sso_token()

+     # Great! Now do a bind where the token is the pw:

+     # user_conn_tok = user.bind(token)

+     user_conn_tok = user.authenticate_sso_token(token)

+     # Assert whoami.

+     # Assert that user_conn_tok with the token can NOT get a new token.

+     user_tok_account = nsUserAccounts(user_conn_tok, DEFAULT_SUFFIX).get('test_nsuser')

+     with pytest.raises(ldap.UNWILLING_TO_PERFORM):

+         user_tok_account.request_sso_token()

+ 

+     # Check with a lowered ttl (should deny)

+     topology.standalone.config.set('nsslapd-ldapssotoken-ttl-secs', '1') # Set a low ttl

+     # Ensure it's past - the one time I'll allow a sleep ....

+     time.sleep(2)

+     with pytest.raises(ldap.INVALID_CREDENTIALS):

+         user.authenticate_sso_token(token)

+     topology.standalone.config.set('nsslapd-ldapssotoken-ttl-secs', '3600') # Set a reasonable

+ 

+     # Regenerate the server token key

+     topology.standalone.config.remove_all('nsslapd-ldapssotoken-secret')

+     # check we fail to authenticate.

+     with pytest.raises(ldap.INVALID_CREDENTIALS):

+         user.authenticate_sso_token(token)

+ 

+ @pytest.mark.skipif(not default_paths.rust_enabled or ds_is_older('1.4.2.0'), reason="Auth tokens are not available in older versions")

+ def test_ldap_auth_token_disabled(topology):

+     """ Assert when the feature is disabled that token operations are not able to progress

+ 

+     :id: ccde5d0b-7f2d-49d5-b9d5-f7082f8f36a3

+ 

+     :setup: Standalone instance

+ 

+     :steps:

+         1. Create a user

+         2. Attempt to get a token.

+         3. Enable the feature, get a token, then disable it.

+         4. Attempt to auth

+ 

+     :expectedresults:

+         1. Success

+         2. Fails to get a token

+         3. Token is received

+         4. Auth fails as token is disabled.

+     """

+     topology.standalone.enable_tls()

+     topology.standalone.config.set('nsslapd-enable-ldapssotoken', 'off') # disable it.

+     nsusers = nsUserAccounts(topology.standalone, DEFAULT_SUFFIX)

+     # Create a user as dm.

+     user = nsusers.create(properties={

+         'uid': 'test_nsuser1',

+         'cn': 'test_nsuser1',

+         'displayName': 'testNsuser1',

+         'legalName': 'testNsuser1',

+         'uidNumber': '1002',

+         'gidNumber': '1002',

+         'homeDirectory': '/home/testnsuser1',

+         'userPassword': USER_PASSWORD,

+     })

+     # Create a new con and bind as the user.

+     user_conn = user.bind(USER_PASSWORD)

+     user_account = nsUserAccounts(user_conn, DEFAULT_SUFFIX).get('test_nsuser1')

+     # From the user_conn do an extop_s for the token

+     with pytest.raises(ldap.PROTOCOL_ERROR):

+         user_account.request_sso_token()

+     # Now enable it

+     topology.standalone.config.set('nsslapd-enable-ldapssotoken', 'on')

+     token = user_account.request_sso_token()

+     # Now disable

+     topology.standalone.config.set('nsslapd-enable-ldapssotoken', 'off')

+     # Now attempt to bind (should fail)

+     with pytest.raises(ldap.INVALID_CREDENTIALS):

+         user_account.authenticate_sso_token(token)

+ 

+ 

+ @pytest.mark.skipif(not default_paths.rust_enabled or ds_is_older('1.4.2.0'), reason="Auth tokens are not available in older versions")

+ def test_ldap_auth_token_directory_manager(topology):

+     """ Test token auth with directory manager is denied

+ 

+     :id: ec9aec64-3edf-4f3f-853a-7527b0c42124

+ 

+     :setup: Standalone instance

+ 

+     :steps:

+         1. Attempt to generate a token as DM

+ 

+     :expectedresults:

+         1. Fails

+     """

+     topology.standalone.enable_tls()

+     topology.standalone.config.set('nsslapd-enable-ldapssotoken', 'on') # enable it.

+ 

+     dm = DirectoryManager(topology.standalone)

+     # Try getting a token at DM, should fail.

+     with pytest.raises(ldap.UNWILLING_TO_PERFORM):

+         dm.request_sso_token()

+ 

+ ## test as anon (will fail)

+ @pytest.mark.skipif(not default_paths.rust_enabled or ds_is_older('1.4.2.0'), reason="Auth tokens are not available in older versions")

+ def test_ldap_auth_token_anonymous(topology):

+     """ Test token auth with Anonymous is denied.

+ 

+     :id: 966068c3-fbc6-468d-a554-18d68d1d895b

+ 

+     :setup: Standalone instance

+ 

+     :steps:

+         1. Attempt to generate a token as Anonymous

+ 

+     :expectedresults:

+         1. Fails

+     """

+     topology.standalone.enable_tls()

+     topology.standalone.config.set('nsslapd-enable-ldapssotoken', 'on') # enable it.

+ 

+     anon_conn = Anonymous(topology.standalone).bind()

+     # Build the request

+     req = LdapSSOTokenRequest()

+     # Get the response

+     with pytest.raises(ldap.UNWILLING_TO_PERFORM):

+         (_, res) = anon_conn.extop_s(req, escapehatch='i am sure')

+ 

@@ -22,6 +22,7 @@ 

  version = @PACKAGE_VERSION@

  asan_enabled = @enable_asan@

  enable_perl = @enable_perl@

+ enable_rust = @enable_rust@

  with_systemd = @with_systemd@

  with_selinux = @with_selinux@

  prefix = @prefixdir@

file modified
+26 -4
@@ -739,9 +739,30 @@ 

                  if (!auto_bind) {

                      /*

                       * Okay, we've made it here. FINALLY check if the entry really

-                      * can bind or not. THIS IS THE PASSWORD CHECK.

+                      * can bind or not. THIS IS THE PASSWORD/TOKEN CHECK.

+                      *

+                      * We have to check the token FIRST because it only validates if something

+                      * is correct or not: the pw verify actually does a send_ldap_result if the

+                      * pw is wrong.

+                      *

+                      * this effectively means the flow is:

+                      * check token -> if valid continue

+                      * if invalid -> check password

+                      *              if password is invalid -> send err=49 (INVALID_CREDENTIALS)

+                      *              if password is okay -> continue

                       */

-                     rc = pw_verify_be_dn(pb, &referral);

+                     rc = pw_verify_token_dn(pb);

+                     /*

+                      * If tokan auth was a success, flag as such in the conn. This is to prevent

+                      * token sessions renewing infinitely - only a primary auth factor can generate

+                      * a token session.

+                      */

+                     if (rc != SLAPI_BIND_SUCCESS) {

+                         rc = pw_verify_be_dn(pb, &referral);

+                         pb_conn->c_bind_auth_token = 0;

+                     } else {

+                         pb_conn->c_bind_auth_token = 1;

+                     }

                      if (rc != SLAPI_BIND_SUCCESS) {

                          /* Invalid pass - lets bail ... */

                          goto bind_failed;
@@ -765,9 +786,10 @@ 

  

                      /*

                       * If required, update the pw hash to the "current setting" on bind

-                      * if it was successful.

+                      * if it was successful, and if we used a PW (else we replace the pw

+                      * with the token, which would be bad!)

                       */

-                     if (config_get_enable_upgrade_hash()) {

+                     if (pb_conn->c_bind_auth_token == 0 && config_get_enable_upgrade_hash()) {

                          update_pw_encoding(pb, bind_target_entry, sdn, cred.bv_val);

                      }

  

file modified
+88 -1
@@ -16,8 +16,12 @@ 

  #include <stdio.h>

  #include "slap.h"

  

- static const char *extended_op_oid2string(const char *oid);

+ /* If available, expose rust types. */

+ #ifdef RUST_ENABLE

+ #include <rust-nsslapd-private.h>

+ #endif

  

+ static const char *extended_op_oid2string(const char *oid);

  

  /********** this stuff should probably be moved when it's done **********/

  
@@ -203,6 +207,60 @@ 

  }

  

  

+ #ifdef RUST_ENABLE

+ static void

+ extop_handle_ldapssotoken_request(Slapi_PBlock *pb, char *extoid __attribute__((unused)), struct berval *extval) {

+     BerElement *ber = NULL;

+     struct berval *bvp = {0};

+     int32_t rc = 0;

+     char *token = NULL;

+     char *dn = NULL;

+     char *key = NULL;

+ 

+     key = config_get_ldapssotoken_secret();

+     slapi_pblock_get(pb, SLAPI_CONN_DN, &dn);

+ 

+     /* This function checks for nulls properly! */

+     token = fernet_generate_token(dn, key);

+     slapi_ch_free_string(&dn);

+     if (token == NULL) {

+         slapi_log_err(SLAPI_LOG_ERR,

+                       "extop_handle_ldapssotoken_request", "unable to generate fernet token\n");

+         send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL,

+                          "unable to generate token", 0, NULL);

+         return;

+     }

+ 

+     /* We have a token, let's send it. */

+     ber = der_alloc();

+     PR_ASSERT(ber);

+ 

+     rc = ber_printf(ber, "{is}", &rc, token);

+     slapi_ch_free_string(&token);

+     /* Finish preparing the response */

+     if (rc != -1) {

+         ber_flatten(ber, &bvp);

+     }

+     ber_free(ber, 1);

+ 

+     if (rc == -1) {

+         slapi_log_err(SLAPI_LOG_ERR,

+                       "extop_handle_ldapssotoken_request", "unable to generate ber structure for token\n");

+         send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL,

+                          "unable to generate token", 0, NULL);

+         return;

+     }

+ 

+     slapi_pblock_set(pb, SLAPI_EXT_OP_RET_VALUE, bvp);

+     send_ldap_result(pb, LDAP_SUCCESS, NULL, NULL, 0, NULL);

+     slapi_log_err(SLAPI_LOG_INFO, "extop_handle_ldapssotoken_request",

+                   "ldapssotoken generated correctly.\n");

+     ber_bvfree(bvp);

+     return;

+ }

+ #endif

+ 

+ 

  void

  do_extended(Slapi_PBlock *pb)

  {
@@ -345,6 +403,35 @@ 

      slapi_pblock_set(pb, SLAPI_EXT_OP_REQ_VALUE, &extval);

      slapi_pblock_set(pb, SLAPI_REQUESTOR_ISROOT, &pb_op->o_isroot);

  

+     /*

+      * Are we attempting to generate an auth token?

+      * Auth tokens are generated outside of transactions, and are just part of the

+      * main server, so we do it now before consulting plugins - WB

+      */

+ #ifdef RUST_ENABLE

+     if (strcmp(extoid, EXTOP_LDAPSSOTOKEN_REQUEST_OID) == 0 && config_get_enable_ldapssotoken()) {

+         /*

+          * We want to generate an auth token for this user.

+          * Was this session already authenticated by a token?

+          * Are they anonymous?

+          */

+         char *dn = (char *)slapi_sdn_get_dn(&pb_op->o_sdn);

+         int32_t is_anon = 0;

+         if (dn == NULL || *dn == '\0') {

+             is_anon = 1;

+         }

+ 

+         if (pb_conn->c_bind_auth_token != 0 || pb_op->o_isroot || is_anon) {

+             send_ldap_result(pb, LDAP_UNWILLING_TO_PERFORM, NULL, NULL, 0, NULL);

+             goto free_and_return;

+         } else {

+             /* We have a valid user who authed by not-password, generate them a token. */

+             extop_handle_ldapssotoken_request(pb, extoid, &extval);

+             goto free_and_return;

+         }

+     }

+ #endif

+ 

      rc = plugin_determine_exop_plugins(extoid, &p);

      slapi_log_err(SLAPI_LOG_TRACE, "do_extended", "Plugin_determine_exop_plugins rc %d\n", rc);

  

file modified
+379 -227
@@ -146,6 +146,7 @@ 

  /* Note that the 'attrname' arguments are used only for log messages */

  typedef int (*ConfigSetFunc)(const char *attrname, char *value, char *errorbuf, int apply);

  typedef int (*LogSetFunc)(const char *attrname, char *value, int whichlog, char *errorbuf, int apply);

+ typedef void * (*ConfigGenInitFunc)();

  

  typedef enum {

      CONFIG_INT,                          /* maps to int */
@@ -167,6 +168,7 @@ 

      CONFIG_SPECIAL_UNHASHED_PW_SWITCH,   /* unhashed pw: on/off/nolog */

      CONFIG_SPECIAL_TLS_CHECK_CRL,        /* maps enum tls_check_crl_t to char * */

      CONFIG_SPECIAL_FILTER_VERIFY,      /* maps to a config strict/warn-strict/warn/off enum */

+     CONFIG_STRING_GENERATED,             /* A string that can be set, or is internally generated */

  } ConfigVarType;

  

  static int32_t config_set_onoff(const char *attrname, char *value, int32_t *configvalue, char *errorbuf, int apply);
@@ -257,6 +259,7 @@ 

  slapi_onoff_t init_ignore_vattrs;

  slapi_onoff_t init_enable_upgrade_hash;

  slapi_special_filter_verify_t init_verify_filter_schema;

+ slapi_onoff_t init_enable_ldapssotoken;

  

  static int

  isInt(ConfigVarType type)
@@ -279,100 +282,101 @@ 

      void **config_var_addr;        /* address of member of slapdFrontendConfig struct */

      ConfigVarType config_var_type; /* cast to this type when getting */

      ConfigGetFunc getfunc;         /* for special handling */

-     void *initvalue;

+     void *initvalue;               /* init values */

+     ConfigGenInitFunc geninitfunc; /* An init value generator */

  } ConfigList[] = {

      {CONFIG_AUDITLOG_MODE_ATTRIBUTE, NULL,

       log_set_mode, SLAPD_AUDIT_LOG,

       (void **)&global_slapdFrontendConfig.auditlog_mode,

-      CONFIG_STRING, NULL, SLAPD_INIT_LOG_MODE},

+      CONFIG_STRING, NULL, SLAPD_INIT_LOG_MODE, NULL},

      {CONFIG_AUDITLOG_LOGROTATIONSYNCENABLED_ATTRIBUTE, NULL,

       log_set_rotationsync_enabled, SLAPD_AUDIT_LOG,

       (void **)&global_slapdFrontendConfig.auditlog_rotationsync_enabled,

-      CONFIG_ON_OFF, NULL, &init_auditlog_rotationsync_enabled},

+      CONFIG_ON_OFF, NULL, &init_auditlog_rotationsync_enabled, NULL},

      {CONFIG_AUDITLOG_LOGROTATIONSYNCHOUR_ATTRIBUTE, NULL,

       log_set_rotationsynchour, SLAPD_AUDIT_LOG,

       (void **)&global_slapdFrontendConfig.auditlog_rotationsynchour,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_LOG_ROTATIONSYNCHOUR_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_LOG_ROTATIONSYNCHOUR_STR, NULL},

      {CONFIG_AUDITLOG_LOGROTATIONSYNCMIN_ATTRIBUTE, NULL,

       log_set_rotationsyncmin, SLAPD_AUDIT_LOG,

       (void **)&global_slapdFrontendConfig.auditlog_rotationsyncmin,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_LOG_ROTATIONSYNCMIN_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_LOG_ROTATIONSYNCMIN_STR, NULL},

      {CONFIG_AUDITLOG_LOGROTATIONTIME_ATTRIBUTE, NULL,

       log_set_rotationtime, SLAPD_AUDIT_LOG,

       (void **)&global_slapdFrontendConfig.auditlog_rotationtime,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_LOG_ROTATIONTIME_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_LOG_ROTATIONTIME_STR, NULL},

      {CONFIG_ACCESSLOG_MODE_ATTRIBUTE, NULL,

       log_set_mode, SLAPD_ACCESS_LOG,

       (void **)&global_slapdFrontendConfig.accesslog_mode,

-      CONFIG_STRING, NULL, SLAPD_INIT_LOG_MODE},

+      CONFIG_STRING, NULL, SLAPD_INIT_LOG_MODE, NULL},

      {CONFIG_ACCESSLOG_MAXNUMOFLOGSPERDIR_ATTRIBUTE, NULL,

       log_set_numlogsperdir, SLAPD_ACCESS_LOG,

       (void **)&global_slapdFrontendConfig.accesslog_maxnumlogs,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_LOG_ACCESS_MAXNUMLOGS_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_LOG_ACCESS_MAXNUMLOGS_STR, NULL},

      {CONFIG_LOGLEVEL_ATTRIBUTE, config_set_errorlog_level,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.errorloglevel,

-      CONFIG_SPECIAL_ERRORLOGLEVEL, NULL, SLAPD_DEFAULT_FE_ERRORLOG_LEVEL_STR},

+      CONFIG_SPECIAL_ERRORLOGLEVEL, NULL, SLAPD_DEFAULT_FE_ERRORLOG_LEVEL_STR, NULL},

      {CONFIG_ERRORLOG_LOGGING_ENABLED_ATTRIBUTE, NULL,

       log_set_logging, SLAPD_ERROR_LOG,

       (void **)&global_slapdFrontendConfig.errorlog_logging_enabled,

-      CONFIG_ON_OFF, NULL, &init_errorlog_logging_enabled},

+      CONFIG_ON_OFF, NULL, &init_errorlog_logging_enabled, NULL},

      {CONFIG_ERRORLOG_MODE_ATTRIBUTE, NULL,

       log_set_mode, SLAPD_ERROR_LOG,

       (void **)&global_slapdFrontendConfig.errorlog_mode,

-      CONFIG_STRING, NULL, SLAPD_INIT_LOG_MODE},

+      CONFIG_STRING, NULL, SLAPD_INIT_LOG_MODE, NULL},

      {CONFIG_ERRORLOG_LOGEXPIRATIONTIME_ATTRIBUTE, NULL,

       log_set_expirationtime, SLAPD_ERROR_LOG,

       (void **)&global_slapdFrontendConfig.errorlog_exptime,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_LOG_EXPTIME_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_LOG_EXPTIME_STR, NULL},

      {CONFIG_ACCESSLOG_LOGGING_ENABLED_ATTRIBUTE, NULL,

       log_set_logging, SLAPD_ACCESS_LOG,

       (void **)&global_slapdFrontendConfig.accesslog_logging_enabled,

-      CONFIG_ON_OFF, NULL, &init_accesslog_logging_enabled},

+      CONFIG_ON_OFF, NULL, &init_accesslog_logging_enabled, NULL},

      {CONFIG_PORT_ATTRIBUTE, config_set_port,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.port,

-      CONFIG_INT, NULL, NULL},

+      CONFIG_INT, NULL, NULL, NULL},

      {CONFIG_WORKINGDIR_ATTRIBUTE, config_set_workingdir,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.workingdir,

-      CONFIG_STRING_OR_EMPTY, NULL, NULL /* deletion is not allowed */},

+      CONFIG_STRING_OR_EMPTY, NULL, NULL, NULL /* deletion is not allowed */},

      {CONFIG_MAXTHREADSPERCONN_ATTRIBUTE, config_set_maxthreadsperconn,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.maxthreadsperconn,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_MAX_THREADS_PER_CONN_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_MAX_THREADS_PER_CONN_STR, NULL},

      {CONFIG_ACCESSLOG_LOGEXPIRATIONTIME_ATTRIBUTE, NULL,

       log_set_expirationtime, SLAPD_ACCESS_LOG,

       (void **)&global_slapdFrontendConfig.accesslog_exptime,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_LOG_EXPTIME_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_LOG_EXPTIME_STR, NULL},

      {CONFIG_LOCALUSER_ATTRIBUTE, config_set_localuser,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.localuser,

-      CONFIG_STRING, NULL, NULL /* deletion is not allowed */},

+      CONFIG_STRING, NULL, NULL, NULL /* deletion is not allowed */},

      {CONFIG_ERRORLOG_LOGROTATIONSYNCENABLED_ATTRIBUTE, NULL,

       log_set_rotationsync_enabled, SLAPD_ERROR_LOG,

       (void **)&global_slapdFrontendConfig.errorlog_rotationsync_enabled,

-      CONFIG_ON_OFF, NULL, &init_errorlog_rotationsync_enabled},

+      CONFIG_ON_OFF, NULL, &init_errorlog_rotationsync_enabled, NULL},

      {CONFIG_ERRORLOG_LOGROTATIONSYNCHOUR_ATTRIBUTE, NULL,

       log_set_rotationsynchour, SLAPD_ERROR_LOG,

       (void **)&global_slapdFrontendConfig.errorlog_rotationsynchour,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_LOG_ROTATIONSYNCHOUR_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_LOG_ROTATIONSYNCHOUR_STR, NULL},

      {CONFIG_ERRORLOG_LOGROTATIONSYNCMIN_ATTRIBUTE, NULL,

       log_set_rotationsyncmin, SLAPD_ERROR_LOG,

       (void **)&global_slapdFrontendConfig.errorlog_rotationsyncmin,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_LOG_ROTATIONSYNCMIN_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_LOG_ROTATIONSYNCMIN_STR, NULL},

      {CONFIG_ERRORLOG_LOGROTATIONTIME_ATTRIBUTE, NULL,

       log_set_rotationtime, SLAPD_ERROR_LOG,

       (void **)&global_slapdFrontendConfig.errorlog_rotationtime,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_LOG_ROTATIONTIME_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_LOG_ROTATIONTIME_STR, NULL},

      {CONFIG_PW_INHISTORY_ATTRIBUTE, config_set_pw_inhistory,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.pw_policy.pw_inhistory,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_PW_INHISTORY_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_PW_INHISTORY_STR, NULL},

      {CONFIG_PW_STORAGESCHEME_ATTRIBUTE, config_set_pw_storagescheme,

       NULL, 0, NULL,

       CONFIG_STRING, (ConfigGetFunc)config_get_pw_storagescheme,

-      ""},

+      "", NULL},

      /*

       * Set this to empty string to allow reset to work, but

       * the value is actually derived in set_pw_storagescheme.
@@ -380,240 +384,240 @@ 

      {CONFIG_PW_UNLOCK_ATTRIBUTE, config_set_pw_unlock,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.pw_policy.pw_unlock,

-      CONFIG_ON_OFF, NULL, &init_pw_unlock},

+      CONFIG_ON_OFF, NULL, &init_pw_unlock, NULL},

      {CONFIG_PW_GRACELIMIT_ATTRIBUTE, config_set_pw_gracelimit,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.pw_policy.pw_gracelimit,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_PW_GRACELIMIT_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_PW_GRACELIMIT_STR, NULL},

      {CONFIG_PW_ADMIN_DN_ATTRIBUTE, config_set_pw_admin_dn,

       NULL, 0,

       NULL,

-      CONFIG_STRING, (ConfigGetFunc)config_get_pw_admin_dn, ""},

+      CONFIG_STRING, (ConfigGetFunc)config_get_pw_admin_dn, "", NULL},

      {CONFIG_ACCESSLOG_LOGROTATIONSYNCENABLED_ATTRIBUTE, NULL,

       log_set_rotationsync_enabled, SLAPD_ACCESS_LOG,

       (void **)&global_slapdFrontendConfig.accesslog_rotationsync_enabled,

-      CONFIG_ON_OFF, NULL, &init_accesslog_rotationsync_enabled},

+      CONFIG_ON_OFF, NULL, &init_accesslog_rotationsync_enabled, NULL},

      {CONFIG_ACCESSLOG_LOGROTATIONSYNCHOUR_ATTRIBUTE, NULL,

       log_set_rotationsynchour, SLAPD_ACCESS_LOG,

       (void **)&global_slapdFrontendConfig.accesslog_rotationsynchour,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_LOG_ROTATIONSYNCHOUR_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_LOG_ROTATIONSYNCHOUR_STR, NULL},

      {CONFIG_ACCESSLOG_LOGROTATIONSYNCMIN_ATTRIBUTE, NULL,

       log_set_rotationsyncmin, SLAPD_ACCESS_LOG,

       (void **)&global_slapdFrontendConfig.accesslog_rotationsyncmin,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_LOG_ROTATIONSYNCMIN_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_LOG_ROTATIONSYNCMIN_STR, NULL},

      {CONFIG_ACCESSLOG_LOGROTATIONTIME_ATTRIBUTE, NULL,

       log_set_rotationtime, SLAPD_ACCESS_LOG,

       (void **)&global_slapdFrontendConfig.accesslog_rotationtime,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_LOG_ROTATIONTIME_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_LOG_ROTATIONTIME_STR, NULL},

      {CONFIG_PW_MUSTCHANGE_ATTRIBUTE, config_set_pw_must_change,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.pw_policy.pw_must_change,

-      CONFIG_ON_OFF, NULL, &init_pw_must_change},

+      CONFIG_ON_OFF, NULL, &init_pw_must_change, NULL},

      {CONFIG_PWPOLICY_LOCAL_ATTRIBUTE, config_set_pwpolicy_local,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.pwpolicy_local,

-      CONFIG_ON_OFF, NULL, &init_pwpolicy_local},

+      CONFIG_ON_OFF, NULL, &init_pwpolicy_local, NULL},

      {CONFIG_PWPOLICY_INHERIT_GLOBAL_ATTRIBUTE, config_set_pwpolicy_inherit_global,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.pwpolicy_inherit_global,

-      CONFIG_ON_OFF, NULL, &init_pwpolicy_inherit_global},

+      CONFIG_ON_OFF, NULL, &init_pwpolicy_inherit_global, NULL},

      {CONFIG_AUDITLOG_MAXLOGDISKSPACE_ATTRIBUTE, NULL,

       log_set_maxdiskspace, SLAPD_AUDIT_LOG,

       (void **)&global_slapdFrontendConfig.auditlog_maxdiskspace,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_LOG_MAXDISKSPACE_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_LOG_MAXDISKSPACE_STR, NULL},

      {CONFIG_SIZELIMIT_ATTRIBUTE, config_set_sizelimit,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.sizelimit,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_SIZELIMIT_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_SIZELIMIT_STR, NULL},

      {CONFIG_AUDITLOG_MAXLOGSIZE_ATTRIBUTE, NULL,

       log_set_logsize, SLAPD_AUDIT_LOG,

       (void **)&global_slapdFrontendConfig.auditlog_maxlogsize,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_LOG_MAXLOGSIZE_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_LOG_MAXLOGSIZE_STR, NULL},

      {CONFIG_PW_WARNING_ATTRIBUTE, config_set_pw_warning,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.pw_policy.pw_warning,

-      CONFIG_LONG, NULL, SLAPD_DEFAULT_PW_WARNING_STR},

+      CONFIG_LONG, NULL, SLAPD_DEFAULT_PW_WARNING_STR, NULL},

      {CONFIG_READONLY_ATTRIBUTE, config_set_readonly,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.readonly,

-      CONFIG_ON_OFF, NULL, &init_readonly},

+      CONFIG_ON_OFF, NULL, &init_readonly, NULL},

      {CONFIG_SASL_MAPPING_FALLBACK, config_set_sasl_mapping_fallback,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.sasl_mapping_fallback,

       CONFIG_ON_OFF, (ConfigGetFunc)config_get_sasl_mapping_fallback,

-      &init_sasl_mapping_fallback},

+      &init_sasl_mapping_fallback, NULL},

      {CONFIG_THREADNUMBER_ATTRIBUTE, config_set_threadnumber,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.threadnumber,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_MAX_THREADS_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_MAX_THREADS_STR, NULL},

      {CONFIG_PW_LOCKOUT_ATTRIBUTE, config_set_pw_lockout,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.pw_policy.pw_lockout,

-      CONFIG_ON_OFF, NULL, &init_pw_lockout},

+      CONFIG_ON_OFF, NULL, &init_pw_lockout, NULL},

      {CONFIG_ENQUOTE_SUP_OC_ATTRIBUTE, config_set_enquote_sup_oc,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.enquote_sup_oc,

-      CONFIG_ON_OFF, NULL, &init_enquote_sup_oc},

+      CONFIG_ON_OFF, NULL, &init_enquote_sup_oc, NULL},

      {CONFIG_LOCALHOST_ATTRIBUTE, config_set_localhost,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.localhost,

-      CONFIG_STRING, NULL, NULL /* deletion is not allowed */},

+      CONFIG_STRING, NULL, NULL, NULL /* deletion is not allowed */},

      {CONFIG_IOBLOCKTIMEOUT_ATTRIBUTE, config_set_ioblocktimeout,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.ioblocktimeout,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_IOBLOCK_TIMEOUT_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_IOBLOCK_TIMEOUT_STR, NULL},

      {CONFIG_MAX_FILTER_NEST_LEVEL_ATTRIBUTE, config_set_max_filter_nest_level,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.max_filter_nest_level,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_MAX_FILTER_NEST_LEVEL_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_MAX_FILTER_NEST_LEVEL_STR, NULL},

      {CONFIG_ERRORLOG_MAXLOGDISKSPACE_ATTRIBUTE, NULL,

       log_set_maxdiskspace, SLAPD_ERROR_LOG,

       (void **)&global_slapdFrontendConfig.errorlog_maxdiskspace,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_LOG_MAXDISKSPACE_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_LOG_MAXDISKSPACE_STR, NULL},

      {CONFIG_PW_MINLENGTH_ATTRIBUTE, config_set_pw_minlength,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.pw_policy.pw_minlength,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_PW_MINLENGTH_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_PW_MINLENGTH_STR, NULL},

      {CONFIG_PW_MINDIGITS_ATTRIBUTE, config_set_pw_mindigits,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.pw_policy.pw_mindigits,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_PW_MINDIGITS_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_PW_MINDIGITS_STR, NULL},

      {CONFIG_PW_MINALPHAS_ATTRIBUTE, config_set_pw_minalphas,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.pw_policy.pw_minalphas,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_PW_MINALPHAS_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_PW_MINALPHAS_STR, NULL},

      {CONFIG_PW_MINUPPERS_ATTRIBUTE, config_set_pw_minuppers,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.pw_policy.pw_minuppers,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_PW_MINUPPERS_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_PW_MINUPPERS_STR, NULL},

      {CONFIG_PW_MINLOWERS_ATTRIBUTE, config_set_pw_minlowers,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.pw_policy.pw_minlowers,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_PW_MINLOWERS_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_PW_MINLOWERS_STR, NULL},

      {CONFIG_PW_MINSPECIALS_ATTRIBUTE, config_set_pw_minspecials,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.pw_policy.pw_minspecials,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_PW_MINSPECIALS_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_PW_MINSPECIALS_STR, NULL},

      {CONFIG_PW_MIN8BIT_ATTRIBUTE, config_set_pw_min8bit,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.pw_policy.pw_min8bit,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_PW_MIN8BIT_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_PW_MIN8BIT_STR, NULL},

      {CONFIG_PW_MAXREPEATS_ATTRIBUTE, config_set_pw_maxrepeats,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.pw_policy.pw_maxrepeats,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_PW_MAXREPEATS_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_PW_MAXREPEATS_STR, NULL},

      {CONFIG_PW_MINCATEGORIES_ATTRIBUTE, config_set_pw_mincategories,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.pw_policy.pw_mincategories,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_PW_MINCATEGORIES_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_PW_MINCATEGORIES_STR, NULL},

      {CONFIG_PW_MINTOKENLENGTH_ATTRIBUTE, config_set_pw_mintokenlength,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.pw_policy.pw_mintokenlength,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_PW_MINTOKENLENGTH_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_PW_MINTOKENLENGTH_STR, NULL},

  

      /* Password palindrome */

      {CONFIG_PW_PALINDROME_ATTRIBUTE, config_set_pw_palindrome,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.pw_policy.pw_palindrome,

-      CONFIG_ON_OFF, NULL, &init_pw_palindrome},

+      CONFIG_ON_OFF, NULL, &init_pw_palindrome, NULL},

      /* password dictionary check */

      {CONFIG_PW_CHECK_DICT_ATTRIBUTE, config_set_pw_dict_check,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.pw_policy.pw_check_dict,

-      CONFIG_ON_OFF, NULL, &init_pw_dict_check},

+      CONFIG_ON_OFF, NULL, &init_pw_dict_check, NULL},

      /* password dictionary path */

      {CONFIG_PW_DICT_PATH_ATTRIBUTE, config_set_pw_dict_path,

        NULL, 0,

        (void **)&global_slapdFrontendConfig.pw_policy.pw_dict_path,

-       CONFIG_STRING, NULL, ""},

+       CONFIG_STRING, NULL, "", NULL},

      /* password user attr check list */

      {CONFIG_PW_USERATTRS_ATTRIBUTE, config_set_pw_user_attrs,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.pw_policy.pw_cmp_attrs,

-      CONFIG_CHARRAY, NULL, NULL},

+      CONFIG_CHARRAY, NULL, NULL, NULL},

      /* password bad work list */

      {CONFIG_PW_BAD_WORDS_ATTRIBUTE, config_set_pw_bad_words,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.pw_policy.pw_bad_words,

-      CONFIG_CHARRAY, NULL, NULL},

+      CONFIG_CHARRAY, NULL, NULL, NULL},

      /* password max sequence */

      {CONFIG_PW_MAX_SEQ_ATTRIBUTE, config_set_pw_max_seq,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.pw_policy.pw_max_seq,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_PW_MAX_SEQ_ATTRIBUTE_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_PW_MAX_SEQ_ATTRIBUTE_STR, NULL},

      /* Max sequence sets */

      {CONFIG_PW_MAX_SEQ_SETS_ATTRIBUTE, config_set_pw_max_seq_sets,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.pw_policy.pw_seq_char_sets,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_PW_MAX_SEQ_SETS_ATTRIBUTE_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_PW_MAX_SEQ_SETS_ATTRIBUTE_STR, NULL},

      /* password max repeated characters per class */

      {CONFIG_PW_MAX_CLASS_CHARS_ATTRIBUTE, config_set_pw_max_class_repeats,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.pw_policy.pw_max_class_repeats,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_PW_MAX_CLASS_CHARS_ATTRIBUTE_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_PW_MAX_CLASS_CHARS_ATTRIBUTE_STR, NULL},

      {CONFIG_ERRORLOG_ATTRIBUTE, config_set_errorlog,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.errorlog,

-      CONFIG_STRING_OR_EMPTY, NULL, NULL /* deletion is not allowed */},

+      CONFIG_STRING_OR_EMPTY, NULL, NULL, NULL /* deletion is not allowed */},

      {CONFIG_AUDITLOG_LOGEXPIRATIONTIME_ATTRIBUTE, NULL,

       log_set_expirationtime, SLAPD_AUDIT_LOG,

       (void **)&global_slapdFrontendConfig.auditlog_exptime,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_LOG_EXPTIME_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_LOG_EXPTIME_STR, NULL},

      {CONFIG_SCHEMACHECK_ATTRIBUTE, config_set_schemacheck,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.schemacheck,

-      CONFIG_ON_OFF, NULL, &init_schemacheck},

+      CONFIG_ON_OFF, NULL, &init_schemacheck, NULL},

      {CONFIG_SCHEMAMOD_ATTRIBUTE, config_set_schemamod,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.schemamod,

-      CONFIG_ON_OFF, NULL, &init_schemamod},

+      CONFIG_ON_OFF, NULL, &init_schemamod, NULL},

      {CONFIG_SYNTAXCHECK_ATTRIBUTE, config_set_syntaxcheck,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.syntaxcheck,

-      CONFIG_ON_OFF, NULL, &init_syntaxcheck},

+      CONFIG_ON_OFF, NULL, &init_syntaxcheck, NULL},

      {CONFIG_SYNTAXLOGGING_ATTRIBUTE, config_set_syntaxlogging,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.syntaxlogging,

-      CONFIG_ON_OFF, NULL, &init_syntaxlogging},

+      CONFIG_ON_OFF, NULL, &init_syntaxlogging, NULL},

      {CONFIG_DN_VALIDATE_STRICT_ATTRIBUTE, config_set_dn_validate_strict,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.dn_validate_strict,

-      CONFIG_ON_OFF, NULL, &init_dn_validate_strict},

+      CONFIG_ON_OFF, NULL, &init_dn_validate_strict, NULL},

      {CONFIG_DS4_COMPATIBLE_SCHEMA_ATTRIBUTE, config_set_ds4_compatible_schema,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.ds4_compatible_schema,

-      CONFIG_ON_OFF, NULL, &init_ds4_compatible_schema},

+      CONFIG_ON_OFF, NULL, &init_ds4_compatible_schema, NULL},

      {CONFIG_SCHEMA_IGNORE_TRAILING_SPACES,

       config_set_schema_ignore_trailing_spaces, NULL, 0,

       (void **)&global_slapdFrontendConfig.schema_ignore_trailing_spaces,

-      CONFIG_ON_OFF, NULL, &init_schema_ignore_trailing_spaces},

+      CONFIG_ON_OFF, NULL, &init_schema_ignore_trailing_spaces, NULL},

      {CONFIG_SCHEMAREPLACE_ATTRIBUTE, config_set_schemareplace, NULL, 0,

       (void **)&global_slapdFrontendConfig.schemareplace,

-      CONFIG_STRING_OR_OFF, NULL, CONFIG_SCHEMAREPLACE_STR_REPLICATION_ONLY},

+      CONFIG_STRING_OR_OFF, NULL, CONFIG_SCHEMAREPLACE_STR_REPLICATION_ONLY, NULL},

      {CONFIG_ACCESSLOG_MAXLOGDISKSPACE_ATTRIBUTE, NULL,

       log_set_maxdiskspace, SLAPD_ACCESS_LOG,

       (void **)&global_slapdFrontendConfig.accesslog_maxdiskspace,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_LOG_ACCESS_MAXDISKSPACE_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_LOG_ACCESS_MAXDISKSPACE_STR, NULL},

      {CONFIG_REFERRAL_ATTRIBUTE, (ConfigSetFunc)config_set_defaultreferral,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.defaultreferral,

-      CONFIG_SPECIAL_REFERRALLIST, NULL, NULL /* deletion is not allowed */},

+      CONFIG_SPECIAL_REFERRALLIST, NULL, NULL, NULL /* deletion is not allowed */},

      {CONFIG_PW_MAXFAILURE_ATTRIBUTE, config_set_pw_maxfailure,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.pw_policy.pw_maxfailure,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_PW_MAXFAILURE_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_PW_MAXFAILURE_STR, NULL},

      {CONFIG_ACCESSLOG_ATTRIBUTE, config_set_accesslog,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.accesslog,

-      CONFIG_STRING_OR_EMPTY, NULL, NULL /* deletion is not allowed */},

+      CONFIG_STRING_OR_EMPTY, NULL, NULL, NULL /* deletion is not allowed */},

      {CONFIG_LASTMOD_ATTRIBUTE, config_set_lastmod,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.lastmod,

-      CONFIG_ON_OFF, NULL, &init_lastmod},

+      CONFIG_ON_OFF, NULL, &init_lastmod, NULL},

      {CONFIG_ROOTPWSTORAGESCHEME_ATTRIBUTE, config_set_rootpwstoragescheme,

       NULL, 0, NULL,

       CONFIG_STRING, (ConfigGetFunc)config_get_rootpwstoragescheme,

-      ""},

+      "", NULL},

      /*

       * Set this to empty string to allow reset to work, but

       * the value is actually derived in set_rootpwstoragescheme.
@@ -621,635 +625,651 @@ 

      {CONFIG_PW_HISTORY_ATTRIBUTE, config_set_pw_history,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.pw_policy.pw_history,

-      CONFIG_ON_OFF, NULL, &init_pw_history},

+      CONFIG_ON_OFF, NULL, &init_pw_history, NULL},

      {CONFIG_SECURITY_ATTRIBUTE, config_set_security,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.security,

-      CONFIG_ON_OFF, NULL, &init_security},

+      CONFIG_ON_OFF, NULL, &init_security, NULL},

      {CONFIG_PW_MAXAGE_ATTRIBUTE, config_set_pw_maxage,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.pw_policy.pw_maxage,

-      CONFIG_LONG, NULL, SLAPD_DEFAULT_PW_MAXAGE_STR},

+      CONFIG_LONG, NULL, SLAPD_DEFAULT_PW_MAXAGE_STR, NULL},

      {CONFIG_AUDITLOG_LOGROTATIONTIMEUNIT_ATTRIBUTE, NULL,

       log_set_rotationtimeunit, SLAPD_AUDIT_LOG,

       (void **)&global_slapdFrontendConfig.auditlog_rotationunit,

-      CONFIG_STRING_OR_UNKNOWN, NULL, SLAPD_INIT_AUDITLOG_ROTATIONUNIT},

+      CONFIG_STRING_OR_UNKNOWN, NULL, SLAPD_INIT_AUDITLOG_ROTATIONUNIT, NULL},

      {CONFIG_PW_RESETFAILURECOUNT_ATTRIBUTE, config_set_pw_resetfailurecount,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.pw_policy.pw_resetfailurecount,

-      CONFIG_LONG, NULL, SLAPD_DEFAULT_PW_RESETFAILURECOUNT_STR},

+      CONFIG_LONG, NULL, SLAPD_DEFAULT_PW_RESETFAILURECOUNT_STR, NULL},

      {CONFIG_PW_ISGLOBAL_ATTRIBUTE, config_set_pw_is_global_policy,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.pw_is_global_policy,

-      CONFIG_ON_OFF, NULL, &init_pw_is_global_policy},

+      CONFIG_ON_OFF, NULL, &init_pw_is_global_policy, NULL},

      {CONFIG_PW_IS_LEGACY, config_set_pw_is_legacy_policy,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.pw_policy.pw_is_legacy,

-      CONFIG_ON_OFF, NULL, &init_pw_is_legacy},

+      CONFIG_ON_OFF, NULL, &init_pw_is_legacy, NULL},

      {CONFIG_PW_TRACK_LAST_UPDATE_TIME, config_set_pw_track_last_update_time,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.pw_policy.pw_track_update_time,

-      CONFIG_ON_OFF, NULL, &init_pw_track_update_time},

+      CONFIG_ON_OFF, NULL, &init_pw_track_update_time, NULL},

      {CONFIG_AUDITLOG_MAXNUMOFLOGSPERDIR_ATTRIBUTE, NULL,

       log_set_numlogsperdir, SLAPD_AUDIT_LOG,

       (void **)&global_slapdFrontendConfig.auditlog_maxnumlogs,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_LOG_MAXNUMLOGS_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_LOG_MAXNUMLOGS_STR, NULL},

      {CONFIG_ERRORLOG_LOGEXPIRATIONTIMEUNIT_ATTRIBUTE, NULL,

       log_set_expirationtimeunit, SLAPD_ERROR_LOG,

       (void **)&global_slapdFrontendConfig.errorlog_exptimeunit,

-      CONFIG_STRING_OR_UNKNOWN, NULL, SLAPD_INIT_LOG_EXPTIMEUNIT},

+      CONFIG_STRING_OR_UNKNOWN, NULL, SLAPD_INIT_LOG_EXPTIMEUNIT, NULL},

      /* errorlog list is read only, so no set func and no config var addr */

      {CONFIG_ERRORLOG_LIST_ATTRIBUTE, NULL,

       NULL, 0, NULL,

-      CONFIG_CHARRAY, (ConfigGetFunc)config_get_errorlog_list, NULL},

+      CONFIG_CHARRAY, (ConfigGetFunc)config_get_errorlog_list, NULL, NULL},

      {CONFIG_GROUPEVALNESTLEVEL_ATTRIBUTE, config_set_groupevalnestlevel,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.groupevalnestlevel,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_GROUPEVALNESTLEVEL_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_GROUPEVALNESTLEVEL_STR, NULL},

      {CONFIG_ACCESSLOG_LOGEXPIRATIONTIMEUNIT_ATTRIBUTE, NULL,

       log_set_expirationtimeunit, SLAPD_ACCESS_LOG,

       (void **)&global_slapdFrontendConfig.accesslog_exptimeunit,

-      CONFIG_STRING_OR_UNKNOWN, NULL, SLAPD_INIT_LOG_EXPTIMEUNIT},

+      CONFIG_STRING_OR_UNKNOWN, NULL, SLAPD_INIT_LOG_EXPTIMEUNIT, NULL},

      {CONFIG_ROOTPW_ATTRIBUTE, config_set_rootpw,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.rootpw,

-      CONFIG_STRING, NULL, NULL /* deletion is not allowed */},

+      CONFIG_STRING, NULL, NULL, NULL /* deletion is not allowed */},

      {CONFIG_PW_CHANGE_ATTRIBUTE, config_set_pw_change,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.pw_policy.pw_change,

-      CONFIG_ON_OFF, NULL, &init_pw_change},

+      CONFIG_ON_OFF, NULL, &init_pw_change, NULL},

      {CONFIG_ACCESSLOGLEVEL_ATTRIBUTE, config_set_accesslog_level,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.accessloglevel,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_ACCESSLOG_LEVEL_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_ACCESSLOG_LEVEL_STR, NULL},

      {CONFIG_ERRORLOG_LOGROTATIONTIMEUNIT_ATTRIBUTE, NULL,

       log_set_rotationtimeunit, SLAPD_ERROR_LOG,

       (void **)&global_slapdFrontendConfig.errorlog_rotationunit,

-      CONFIG_STRING_OR_UNKNOWN, NULL, SLAPD_INIT_ERRORLOG_ROTATIONUNIT},

+      CONFIG_STRING_OR_UNKNOWN, NULL, SLAPD_INIT_ERRORLOG_ROTATIONUNIT, NULL},

      {CONFIG_SECUREPORT_ATTRIBUTE, config_set_secureport,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.secureport,

-      CONFIG_INT, NULL, NULL},

+      CONFIG_INT, NULL, NULL, NULL},

      {CONFIG_BASEDN_ATTRIBUTE, config_set_basedn,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.certmap_basedn,

-      CONFIG_STRING, NULL, NULL /* deletion is not allowed */},

+      CONFIG_STRING, NULL, NULL, NULL /* deletion is not allowed */},

      {CONFIG_TIMELIMIT_ATTRIBUTE, config_set_timelimit,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.timelimit,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_TIMELIMIT_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_TIMELIMIT_STR, NULL},

      {CONFIG_ERRORLOG_MAXLOGSIZE_ATTRIBUTE, NULL,

       log_set_logsize, SLAPD_ERROR_LOG,

       (void **)&global_slapdFrontendConfig.errorlog_maxlogsize,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_LOG_MAXLOGSIZE_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_LOG_MAXLOGSIZE_STR, NULL},

      {CONFIG_RESERVEDESCRIPTORS_ATTRIBUTE, config_set_reservedescriptors,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.reservedescriptors,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_RESERVE_FDS_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_RESERVE_FDS_STR, NULL},

      /* access log list is read only, no set func, no config var addr */

      {CONFIG_ACCESSLOG_LIST_ATTRIBUTE, NULL,

       NULL, 0, NULL,

-      CONFIG_CHARRAY, (ConfigGetFunc)config_get_accesslog_list, NULL},

+      CONFIG_CHARRAY, (ConfigGetFunc)config_get_accesslog_list, NULL, NULL},

      {CONFIG_SVRTAB_ATTRIBUTE, config_set_srvtab,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.srvtab,

-      CONFIG_STRING, NULL, ""},

+      CONFIG_STRING, NULL, "", NULL},

      {CONFIG_PW_EXP_ATTRIBUTE, config_set_pw_exp,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.pw_policy.pw_exp,

-      CONFIG_ON_OFF, NULL, &init_pw_exp},

+      CONFIG_ON_OFF, NULL, &init_pw_exp, NULL},

      {CONFIG_PW_SEND_EXPIRING, config_set_pw_send_expiring,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.pw_policy.pw_send_expiring,

-      CONFIG_ON_OFF, NULL, &init_pw_send_expiring},

+      CONFIG_ON_OFF, NULL, &init_pw_send_expiring, NULL},

      {CONFIG_ACCESSCONTROL_ATTRIBUTE, config_set_accesscontrol,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.accesscontrol,

-      CONFIG_ON_OFF, NULL, &init_accesscontrol},

+      CONFIG_ON_OFF, NULL, &init_accesscontrol, NULL},

      {CONFIG_AUDITLOG_LIST_ATTRIBUTE, NULL,

       NULL, 0, NULL,

-      CONFIG_CHARRAY, (ConfigGetFunc)config_get_auditlog_list, NULL},

+      CONFIG_CHARRAY, (ConfigGetFunc)config_get_auditlog_list, NULL, NULL},

      {CONFIG_ACCESSLOG_LOGROTATIONTIMEUNIT_ATTRIBUTE, NULL,

       log_set_rotationtimeunit, SLAPD_ACCESS_LOG,

       (void **)&global_slapdFrontendConfig.accesslog_rotationunit,

-      CONFIG_STRING, NULL, SLAPD_INIT_ACCESSLOG_ROTATIONUNIT},

+      CONFIG_STRING, NULL, SLAPD_INIT_ACCESSLOG_ROTATIONUNIT, NULL},

      {CONFIG_PW_LOCKDURATION_ATTRIBUTE, config_set_pw_lockduration,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.pw_policy.pw_lockduration,

-      CONFIG_LONG, NULL, SLAPD_DEFAULT_PW_LOCKDURATION_STR},

+      CONFIG_LONG, NULL, SLAPD_DEFAULT_PW_LOCKDURATION_STR, NULL},

      {CONFIG_ACCESSLOG_MAXLOGSIZE_ATTRIBUTE, NULL,

       log_set_logsize, SLAPD_ACCESS_LOG,

       (void **)&global_slapdFrontendConfig.accesslog_maxlogsize,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_LOG_MAXLOGSIZE_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_LOG_MAXLOGSIZE_STR, NULL},

      {CONFIG_IDLETIMEOUT_ATTRIBUTE, config_set_idletimeout,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.idletimeout,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_IDLE_TIMEOUT_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_IDLE_TIMEOUT_STR, NULL},

      {CONFIG_NAGLE_ATTRIBUTE, config_set_nagle,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.nagle,

-      CONFIG_ON_OFF, NULL, &init_nagle},

+      CONFIG_ON_OFF, NULL, &init_nagle, NULL},

      {CONFIG_ERRORLOG_MINFREEDISKSPACE_ATTRIBUTE, NULL,

       log_set_mindiskspace, SLAPD_ERROR_LOG,

       (void **)&global_slapdFrontendConfig.errorlog_minfreespace,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_LOG_MINFREESPACE_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_LOG_MINFREESPACE_STR, NULL},

      {CONFIG_AUDITLOG_LOGGING_ENABLED_ATTRIBUTE, NULL,

       log_set_logging, SLAPD_AUDIT_LOG,

       (void **)&global_slapdFrontendConfig.auditlog_logging_enabled,

-      CONFIG_ON_OFF, NULL, &init_auditlog_logging_enabled},

+      CONFIG_ON_OFF, NULL, &init_auditlog_logging_enabled, NULL},

      {CONFIG_AUDITLOG_LOGGING_HIDE_UNHASHED_PW, config_set_auditlog_unhashed_pw,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.auditlog_logging_hide_unhashed_pw,

-      CONFIG_ON_OFF, NULL, &init_auditlog_logging_hide_unhashed_pw},

+      CONFIG_ON_OFF, NULL, &init_auditlog_logging_hide_unhashed_pw, NULL},

      {CONFIG_ACCESSLOG_BUFFERING_ATTRIBUTE, config_set_accesslogbuffering,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.accesslogbuffering,

-      CONFIG_ON_OFF, NULL, &init_accesslogbuffering},

+      CONFIG_ON_OFF, NULL, &init_accesslogbuffering, NULL},

      {CONFIG_CSNLOGGING_ATTRIBUTE, config_set_csnlogging,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.csnlogging,

-      CONFIG_ON_OFF, NULL, &init_csnlogging},

+      CONFIG_ON_OFF, NULL, &init_csnlogging, NULL},

      {CONFIG_AUDITLOG_LOGEXPIRATIONTIMEUNIT_ATTRIBUTE, NULL,

       log_set_expirationtimeunit, SLAPD_AUDIT_LOG,

       (void **)&global_slapdFrontendConfig.auditlog_exptimeunit,

-      CONFIG_STRING_OR_UNKNOWN, NULL, SLAPD_INIT_LOG_EXPTIMEUNIT},

+      CONFIG_STRING_OR_UNKNOWN, NULL, SLAPD_INIT_LOG_EXPTIMEUNIT, NULL},

      {CONFIG_ALLOW_HASHED_PW_ATTRIBUTE, config_set_allow_hashed_pw,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.allow_hashed_pw,

-      CONFIG_ON_OFF, NULL, &init_allow_hashed_pw},

+      CONFIG_ON_OFF, NULL, &init_allow_hashed_pw, NULL},

      {CONFIG_PW_SYNTAX_ATTRIBUTE, config_set_pw_syntax,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.pw_policy.pw_syntax,

-      CONFIG_ON_OFF, NULL, &init_pw_syntax},

+      CONFIG_ON_OFF, NULL, &init_pw_syntax, NULL},

      {CONFIG_LISTENHOST_ATTRIBUTE, config_set_listenhost,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.listenhost,

-      CONFIG_STRING, NULL, "" /* Empty value is allowed */},

+      CONFIG_STRING, NULL, "", NULL /* Empty value is allowed */},

      {CONFIG_SNMP_INDEX_ATTRIBUTE, config_set_snmp_index,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.snmp_index,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_SNMP_INDEX_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_SNMP_INDEX_STR, NULL},

      {CONFIG_LDAPI_FILENAME_ATTRIBUTE, config_set_ldapi_filename,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.ldapi_filename,

-      CONFIG_STRING, NULL, SLAPD_LDAPI_DEFAULT_FILENAME},

+      CONFIG_STRING, NULL, SLAPD_LDAPI_DEFAULT_FILENAME, NULL},

      {CONFIG_LDAPI_SWITCH_ATTRIBUTE, config_set_ldapi_switch,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.ldapi_switch,

-      CONFIG_ON_OFF, NULL, &init_ldapi_switch},

+      CONFIG_ON_OFF, NULL, &init_ldapi_switch, NULL},

      {CONFIG_LDAPI_BIND_SWITCH_ATTRIBUTE, config_set_ldapi_bind_switch,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.ldapi_bind_switch,

-      CONFIG_ON_OFF, NULL, &init_ldapi_bind_switch},

+      CONFIG_ON_OFF, NULL, &init_ldapi_bind_switch, NULL},

      {CONFIG_LDAPI_ROOT_DN_ATTRIBUTE, config_set_ldapi_root_dn,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.ldapi_root_dn,

-      CONFIG_STRING, NULL, SLAPD_DEFAULT_DIRECTORY_MANAGER},

+      CONFIG_STRING, NULL, SLAPD_DEFAULT_DIRECTORY_MANAGER, NULL},

      {CONFIG_LDAPI_MAP_ENTRIES_ATTRIBUTE, config_set_ldapi_map_entries,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.ldapi_map_entries,

-      CONFIG_ON_OFF, NULL, &init_ldapi_map_entries},

+      CONFIG_ON_OFF, NULL, &init_ldapi_map_entries, NULL},

      {CONFIG_LDAPI_UIDNUMBER_TYPE_ATTRIBUTE, config_set_ldapi_uidnumber_type,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.ldapi_uidnumber_type,

-      CONFIG_STRING, NULL, SLAPD_DEFAULT_UIDNUM_TYPE},

+      CONFIG_STRING, NULL, SLAPD_DEFAULT_UIDNUM_TYPE, NULL},

      {CONFIG_LDAPI_GIDNUMBER_TYPE_ATTRIBUTE, config_set_ldapi_gidnumber_type,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.ldapi_gidnumber_type,

-      CONFIG_STRING, NULL, SLAPD_DEFAULT_GIDNUM_TYPE},

+      CONFIG_STRING, NULL, SLAPD_DEFAULT_GIDNUM_TYPE, NULL},

      {CONFIG_LDAPI_SEARCH_BASE_DN_ATTRIBUTE, config_set_ldapi_search_base_dn,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.ldapi_search_base_dn,

-      CONFIG_STRING, NULL, SLAPD_DEFAULT_LDAPI_SEARCH_BASE},

+      CONFIG_STRING, NULL, SLAPD_DEFAULT_LDAPI_SEARCH_BASE, NULL},

  #if defined(ENABLE_AUTO_DN_SUFFIX)

      {CONFIG_LDAPI_AUTO_DN_SUFFIX_ATTRIBUTE, config_set_ldapi_auto_dn_suffix,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.ldapi_auto_dn_suffix,

-      CONFIG_STRING, NULL, SLAPD_DEFAULT_LDAPI_AUTO_DN},

+      CONFIG_STRING, NULL, SLAPD_DEFAULT_LDAPI_AUTO_DN, NULL},

  #endif

      {CONFIG_ANON_LIMITS_DN_ATTRIBUTE, config_set_anon_limits_dn,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.anon_limits_dn,

-      CONFIG_STRING, NULL, ""},

+      CONFIG_STRING, NULL, "", NULL},

      {CONFIG_SLAPI_COUNTER_ATTRIBUTE, config_set_slapi_counters,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.slapi_counters,

       CONFIG_ON_OFF, (ConfigGetFunc)config_get_slapi_counters,

-      &init_slapi_counters},

+      &init_slapi_counters, NULL},

      {CONFIG_ACCESSLOG_MINFREEDISKSPACE_ATTRIBUTE, NULL,

       log_set_mindiskspace, SLAPD_ACCESS_LOG,

       (void **)&global_slapdFrontendConfig.accesslog_minfreespace,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_LOG_MINFREESPACE_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_LOG_MINFREESPACE_STR, NULL},

      {CONFIG_ERRORLOG_MAXNUMOFLOGSPERDIR_ATTRIBUTE, NULL,

       log_set_numlogsperdir, SLAPD_ERROR_LOG,

       (void **)&global_slapdFrontendConfig.errorlog_maxnumlogs,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_LOG_MAXNUMLOGS_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_LOG_MAXNUMLOGS_STR, NULL},

      {CONFIG_SECURELISTENHOST_ATTRIBUTE, config_set_securelistenhost,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.securelistenhost,

-      CONFIG_STRING, NULL, "" /* Empty value is allowed */},

+      CONFIG_STRING, NULL, "", NULL /* Empty value is allowed */},

      {CONFIG_AUDITLOG_MINFREEDISKSPACE_ATTRIBUTE, NULL,

       log_set_mindiskspace, SLAPD_AUDIT_LOG,

       (void **)&global_slapdFrontendConfig.auditlog_minfreespace,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_LOG_MINFREESPACE_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_LOG_MINFREESPACE_STR, NULL},

      {CONFIG_ROOTDN_ATTRIBUTE, config_set_rootdn,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.rootdn,

-      CONFIG_STRING, NULL, SLAPD_DEFAULT_DIRECTORY_MANAGER},

+      CONFIG_STRING, NULL, SLAPD_DEFAULT_DIRECTORY_MANAGER, NULL},

      {CONFIG_PW_MINAGE_ATTRIBUTE, config_set_pw_minage,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.pw_policy.pw_minage,

-      CONFIG_LONG, NULL, SLAPD_DEFAULT_PW_MINAGE_STR},

+      CONFIG_LONG, NULL, SLAPD_DEFAULT_PW_MINAGE_STR, NULL},

      {CONFIG_AUDITFILE_ATTRIBUTE, config_set_auditlog,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.auditlog,

-      CONFIG_STRING_OR_EMPTY, NULL, NULL /* deletion is not allowed */},

+      CONFIG_STRING_OR_EMPTY, NULL, NULL, NULL /* deletion is not allowed */},

      {CONFIG_RETURN_EXACT_CASE_ATTRIBUTE, config_set_return_exact_case,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.return_exact_case,

-      CONFIG_ON_OFF, NULL, &init_return_exact_case},

+      CONFIG_ON_OFF, NULL, &init_return_exact_case, NULL},

      {CONFIG_RESULT_TWEAK_ATTRIBUTE, config_set_result_tweak,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.result_tweak,

-      CONFIG_ON_OFF, NULL, &init_result_tweak},

+      CONFIG_ON_OFF, NULL, &init_result_tweak, NULL},

      {CONFIG_PLUGIN_BINDDN_TRACKING_ATTRIBUTE, config_set_plugin_tracking,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.plugin_track,

-      CONFIG_ON_OFF, NULL, &init_plugin_track},

+      CONFIG_ON_OFF, NULL, &init_plugin_track, NULL},

      {CONFIG_MODDN_ACI_ATTRIBUTE, config_set_moddn_aci,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.moddn_aci,

       CONFIG_ON_OFF, (ConfigGetFunc)config_get_moddn_aci,

-      &init_moddn_aci},

+      &init_moddn_aci, NULL},

      {CONFIG_ATTRIBUTE_NAME_EXCEPTION_ATTRIBUTE, config_set_attrname_exceptions,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.attrname_exceptions,

-      CONFIG_ON_OFF, NULL, &init_attrname_exceptions},

+      CONFIG_ON_OFF, NULL, &init_attrname_exceptions, NULL},

      {CONFIG_MAXBERSIZE_ATTRIBUTE, config_set_maxbersize,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.maxbersize,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_MAXBERSIZE_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_MAXBERSIZE_STR, NULL},

      {CONFIG_MAXSASLIOSIZE_ATTRIBUTE, config_set_maxsasliosize,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.maxsasliosize,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_MAX_SASLIO_SIZE_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_MAX_SASLIO_SIZE_STR, NULL},

      {CONFIG_VERSIONSTRING_ATTRIBUTE, config_set_versionstring,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.versionstring,

-      CONFIG_STRING, NULL, SLAPD_VERSION_STR},

+      CONFIG_STRING, NULL, SLAPD_VERSION_STR, NULL},

      {CONFIG_REFERRAL_MODE_ATTRIBUTE, config_set_referral_mode,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.refer_url,

-      CONFIG_STRING, NULL, NULL /* deletion is not allowed */},

+      CONFIG_STRING, NULL, NULL, NULL /* deletion is not allowed */},

      {CONFIG_MAXDESCRIPTORS_ATTRIBUTE, config_set_maxdescriptors,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.maxdescriptors,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_MAXDESCRIPTORS_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_MAXDESCRIPTORS_STR, NULL},

      {CONFIG_CONNTABLESIZE_ATTRIBUTE, config_set_conntablesize,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.conntablesize,

-      CONFIG_INT, NULL, NULL /* deletion is not allowed */},

+      CONFIG_INT, NULL, NULL, NULL /* deletion is not allowed */},

      {CONFIG_SSLCLIENTAUTH_ATTRIBUTE, config_set_SSLclientAuth,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.SSLclientAuth,

-      CONFIG_SPECIAL_SSLCLIENTAUTH, NULL, SLAPD_DEFAULT_SSLCLIENTAUTH_STR},

+      CONFIG_SPECIAL_SSLCLIENTAUTH, NULL, SLAPD_DEFAULT_SSLCLIENTAUTH_STR, NULL},

      {CONFIG_SSL_CHECK_HOSTNAME_ATTRIBUTE, config_set_ssl_check_hostname,

       NULL, 0, NULL,

       CONFIG_ON_OFF, (ConfigGetFunc)config_get_ssl_check_hostname,

-      &init_ssl_check_hostname},

+      &init_ssl_check_hostname, NULL},

      {CONFIG_CONFIG_ATTRIBUTE, 0,

       NULL, 0, (void **)SLAPD_CONFIG_DN,

-      CONFIG_CONSTANT_STRING, NULL, NULL /* deletion is not allowed */},

+      CONFIG_CONSTANT_STRING, NULL, NULL, NULL /* deletion is not allowed */},

      {CONFIG_HASH_FILTERS_ATTRIBUTE, config_set_hash_filters,

       NULL, 0, NULL,

       CONFIG_ON_OFF, (ConfigGetFunc)config_get_hash_filters,

-      NULL /* deletion is not allowed */},

+      NULL, NULL /* deletion is not allowed */},

      /* instance dir; used by admin tasks */

      {CONFIG_INSTDIR_ATTRIBUTE, config_set_instancedir,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.instancedir,

-      CONFIG_STRING, NULL, NULL /* deletion is not allowed */},

+      CONFIG_STRING, NULL, NULL, NULL /* deletion is not allowed */},

      /* parameterizing schema dir */

      {CONFIG_SCHEMADIR_ATTRIBUTE, config_set_schemadir,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.schemadir,

-      CONFIG_STRING, NULL, NULL /* deletion is not allowed */},

+      CONFIG_STRING, NULL, NULL, NULL /* deletion is not allowed */},

      /* parameterizing lock dir */

      {CONFIG_LOCKDIR_ATTRIBUTE, config_set_lockdir,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.lockdir,

       CONFIG_STRING, (ConfigGetFunc)config_get_lockdir,

-      NULL /* deletion is not allowed */},

+      NULL, NULL /* deletion is not allowed */},

      /* parameterizing tmp dir */

      {CONFIG_TMPDIR_ATTRIBUTE, config_set_tmpdir,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.tmpdir,

       CONFIG_STRING, (ConfigGetFunc)config_get_tmpdir,

-      NULL /* deletion is not allowed */},

+      NULL, NULL /* deletion is not allowed */},

      /* parameterizing cert dir */

      {CONFIG_CERTDIR_ATTRIBUTE, config_set_certdir,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.certdir,

       CONFIG_STRING, (ConfigGetFunc)config_get_certdir,

-      NULL /* deletion is not allowed */},

+      NULL, NULL /* deletion is not allowed */},

      /* parameterizing ldif dir */

      {CONFIG_LDIFDIR_ATTRIBUTE, config_set_ldifdir,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.ldifdir,

       CONFIG_STRING, (ConfigGetFunc)config_get_ldifdir,

-      NULL /* deletion is not allowed */},

+      NULL, NULL /* deletion is not allowed */},

      /* parameterizing bak dir */

      {CONFIG_BAKDIR_ATTRIBUTE, config_set_bakdir,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.bakdir,

       CONFIG_STRING, (ConfigGetFunc)config_get_bakdir,

-      NULL /* deletion is not allowed */},

+      NULL, NULL /* deletion is not allowed */},

      /* parameterizing sasl plugin path */

      {CONFIG_SASLPATH_ATTRIBUTE, config_set_saslpath,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.saslpath,

       CONFIG_STRING, (ConfigGetFunc)config_get_saslpath,

-      NULL /* deletion is not allowed */},

+      NULL, NULL /* deletion is not allowed */},

      /* parameterizing run dir */

      {CONFIG_RUNDIR_ATTRIBUTE, config_set_rundir,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.rundir,

       CONFIG_STRING, (ConfigGetFunc)config_get_rundir,

-      NULL /* deletion is not allowed */},

+      NULL, NULL /* deletion is not allowed */},

      {CONFIG_REWRITE_RFC1274_ATTRIBUTE, config_set_rewrite_rfc1274,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.rewrite_rfc1274,

-      CONFIG_ON_OFF, NULL, &init_rewrite_rfc1274},

+      CONFIG_ON_OFF, NULL, &init_rewrite_rfc1274, NULL},

      {CONFIG_OUTBOUND_LDAP_IO_TIMEOUT_ATTRIBUTE,

       config_set_outbound_ldap_io_timeout,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.outbound_ldap_io_timeout,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_OUTBOUND_LDAP_IO_TIMEOUT_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_OUTBOUND_LDAP_IO_TIMEOUT_STR, NULL},

      {CONFIG_UNAUTH_BINDS_ATTRIBUTE, config_set_unauth_binds_switch,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.allow_unauth_binds,

       CONFIG_ON_OFF, (ConfigGetFunc)config_get_unauth_binds_switch,

-      &init_allow_unauth_binds},

+      &init_allow_unauth_binds, NULL},

      {CONFIG_REQUIRE_SECURE_BINDS_ATTRIBUTE, config_set_require_secure_binds,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.require_secure_binds,

       CONFIG_ON_OFF, (ConfigGetFunc)config_get_require_secure_binds,

-      &init_require_secure_binds},

+      &init_require_secure_binds, NULL},

      {CONFIG_ANON_ACCESS_ATTRIBUTE, config_set_anon_access_switch,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.allow_anon_access,

       CONFIG_SPECIAL_ANON_ACCESS_SWITCH,

       (ConfigGetFunc)config_get_anon_access_switch,

-      SLAPD_DEFAULT_ALLOW_ANON_ACCESS_STR},

+      SLAPD_DEFAULT_ALLOW_ANON_ACCESS_STR, NULL},

      {CONFIG_LOCALSSF_ATTRIBUTE, config_set_localssf,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.localssf,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_LOCAL_SSF_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_LOCAL_SSF_STR, NULL},

      {CONFIG_MINSSF_ATTRIBUTE, config_set_minssf,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.minssf,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_MIN_SSF_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_MIN_SSF_STR, NULL},

      {CONFIG_MINSSF_EXCLUDE_ROOTDSE, config_set_minssf_exclude_rootdse,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.minssf_exclude_rootdse,

       CONFIG_ON_OFF, (ConfigGetFunc)config_get_minssf_exclude_rootdse,

-      &init_minssf_exclude_rootdse},

+      &init_minssf_exclude_rootdse, NULL},

      {CONFIG_FORCE_SASL_EXTERNAL_ATTRIBUTE, config_set_force_sasl_external,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.force_sasl_external,

       CONFIG_ON_OFF, (ConfigGetFunc)config_get_force_sasl_external,

-      &init_force_sasl_external},

+      &init_force_sasl_external, NULL},

      {CONFIG_ENTRYUSN_GLOBAL, config_set_entryusn_global,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.entryusn_global,

       CONFIG_ON_OFF, (ConfigGetFunc)config_get_entryusn_global,

-      &init_entryusn_global},

+      &init_entryusn_global, NULL},

      {CONFIG_ENTRYUSN_IMPORT_INITVAL, config_set_entryusn_import_init,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.entryusn_import_init,

       CONFIG_STRING, (ConfigGetFunc)config_get_entryusn_import_init,

-      SLAPD_ENTRYUSN_IMPORT_INIT},

+      SLAPD_ENTRYUSN_IMPORT_INIT, NULL},

      {CONFIG_VALIDATE_CERT_ATTRIBUTE, config_set_validate_cert_switch,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.validate_cert,

       CONFIG_SPECIAL_VALIDATE_CERT_SWITCH,

-      (ConfigGetFunc)config_get_validate_cert_switch, SLAPD_DEFAULT_VALIDATE_CERT_STR},

+      (ConfigGetFunc)config_get_validate_cert_switch, SLAPD_DEFAULT_VALIDATE_CERT_STR, NULL},

      {CONFIG_PAGEDSIZELIMIT_ATTRIBUTE, config_set_pagedsizelimit,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.pagedsizelimit,

-      CONFIG_INT, NULL, SLAPD_DEFAULT_PAGEDSIZELIMIT_STR},

+      CONFIG_INT, NULL, SLAPD_DEFAULT_PAGEDSIZELIMIT_STR, NULL},

      {CONFIG_DEFAULT_NAMING_CONTEXT, config_set_default_naming_context,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.default_naming_context,

-      CONFIG_STRING, (ConfigGetFunc)config_get_default_naming_context, NULL},

+      CONFIG_STRING, (ConfigGetFunc)config_get_default_naming_context, NULL, NULL},

      {CONFIG_DISK_MONITORING, config_set_disk_monitoring,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.disk_monitoring,

       CONFIG_ON_OFF, (ConfigGetFunc)config_get_disk_monitoring,

-      &init_disk_monitoring},

+      &init_disk_monitoring, NULL},

      {CONFIG_DISK_THRESHOLD, config_set_disk_threshold,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.disk_threshold,

       CONFIG_LONG_LONG, (ConfigGetFunc)config_get_disk_threshold,

-      SLAPD_DEFAULT_DISK_THRESHOLD_STR},

+      SLAPD_DEFAULT_DISK_THRESHOLD_STR, NULL},

      {CONFIG_DISK_GRACE_PERIOD, config_set_disk_grace_period,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.disk_grace_period,

       CONFIG_INT, (ConfigGetFunc)config_get_disk_grace_period,

-      SLAPD_DEFAULT_DISK_GRACE_PERIOD_STR},

+      SLAPD_DEFAULT_DISK_GRACE_PERIOD_STR, NULL},

      {CONFIG_DISK_LOGGING_CRITICAL, config_set_disk_logging_critical,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.disk_logging_critical,

       CONFIG_ON_OFF, (ConfigGetFunc)config_get_disk_logging_critical,

-      &init_disk_logging_critical},

+      &init_disk_logging_critical, NULL},

      {CONFIG_NDN_CACHE, config_set_ndn_cache_enabled,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.ndn_cache_enabled,

       CONFIG_ON_OFF, (ConfigGetFunc)config_get_ndn_cache_enabled,

-      &init_ndn_cache_enabled},

+      &init_ndn_cache_enabled, NULL},

      {CONFIG_NDN_CACHE_SIZE, config_set_ndn_cache_max_size,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.ndn_cache_max_size,

-      CONFIG_INT, (ConfigGetFunc)config_get_ndn_cache_size, SLAPD_DEFAULT_NDN_SIZE_STR},

+      CONFIG_INT, (ConfigGetFunc)config_get_ndn_cache_size, SLAPD_DEFAULT_NDN_SIZE_STR, NULL},

      /* The issue here is that we probably need "empty string" to be valid, rather than NULL for reset purposes */

      {CONFIG_ALLOWED_SASL_MECHS, config_set_allowed_sasl_mechs,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.allowed_sasl_mechs,

-      CONFIG_STRING, (ConfigGetFunc)config_get_allowed_sasl_mechs, ""},

+      CONFIG_STRING, (ConfigGetFunc)config_get_allowed_sasl_mechs, "", NULL},

      {CONFIG_IGNORE_VATTRS, config_set_ignore_vattrs,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.ignore_vattrs,

-      CONFIG_ON_OFF, (ConfigGetFunc)config_get_ignore_vattrs, &init_ignore_vattrs},

+      CONFIG_ON_OFF, (ConfigGetFunc)config_get_ignore_vattrs, &init_ignore_vattrs, NULL},

      {CONFIG_UNHASHED_PW_SWITCH_ATTRIBUTE, config_set_unhashed_pw_switch,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.unhashed_pw_switch,

       CONFIG_SPECIAL_UNHASHED_PW_SWITCH,

       (ConfigGetFunc)config_get_unhashed_pw_switch,

-      SLAPD_DEFAULT_UNHASHED_PW_SWITCH_STR},

+      SLAPD_DEFAULT_UNHASHED_PW_SWITCH_STR, NULL},

      {CONFIG_SASL_MAXBUFSIZE, config_set_sasl_maxbufsize,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.sasl_max_bufsize,

       CONFIG_INT, (ConfigGetFunc)config_get_sasl_maxbufsize,

-      SLAPD_DEFAULT_SASL_MAXBUFSIZE_STR},

+      SLAPD_DEFAULT_SASL_MAXBUFSIZE_STR, NULL},

      {CONFIG_SEARCH_RETURN_ORIGINAL_TYPE, config_set_return_orig_type_switch,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.return_orig_type,

-      CONFIG_ON_OFF, (ConfigGetFunc)config_get_return_orig_type_switch, &init_return_orig_type},

+      CONFIG_ON_OFF, (ConfigGetFunc)config_get_return_orig_type_switch, &init_return_orig_type, NULL},

      {CONFIG_ENABLE_TURBO_MODE, config_set_enable_turbo_mode,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.enable_turbo_mode,

-      CONFIG_ON_OFF, (ConfigGetFunc)config_get_enable_turbo_mode, &init_enable_turbo_mode},

+      CONFIG_ON_OFF, (ConfigGetFunc)config_get_enable_turbo_mode, &init_enable_turbo_mode, NULL},

      {CONFIG_CONNECTION_BUFFER, config_set_connection_buffer,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.connection_buffer,

-      CONFIG_INT, (ConfigGetFunc)config_get_connection_buffer, &init_connection_buffer},

+      CONFIG_INT, (ConfigGetFunc)config_get_connection_buffer, &init_connection_buffer, NULL},

      {CONFIG_CONNECTION_NOCANON, config_set_connection_nocanon,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.connection_nocanon,

-      CONFIG_ON_OFF, (ConfigGetFunc)config_get_connection_nocanon, &init_connection_nocanon},

+      CONFIG_ON_OFF, (ConfigGetFunc)config_get_connection_nocanon, &init_connection_nocanon, NULL},

      {CONFIG_PLUGIN_LOGGING, config_set_plugin_logging,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.plugin_logging,

-      CONFIG_ON_OFF, (ConfigGetFunc)config_get_plugin_logging, &init_plugin_logging},

+      CONFIG_ON_OFF, (ConfigGetFunc)config_get_plugin_logging, &init_plugin_logging, NULL},

      {CONFIG_LISTEN_BACKLOG_SIZE, config_set_listen_backlog_size,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.listen_backlog_size, CONFIG_INT,

-      (ConfigGetFunc)config_get_listen_backlog_size, DAEMON_LISTEN_SIZE_STR},

+      (ConfigGetFunc)config_get_listen_backlog_size, DAEMON_LISTEN_SIZE_STR, NULL},

      {CONFIG_DYNAMIC_PLUGINS, config_set_dynamic_plugins,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.dynamic_plugins, CONFIG_ON_OFF,

-      (ConfigGetFunc)config_get_dynamic_plugins, &init_dynamic_plugins},

+      (ConfigGetFunc)config_get_dynamic_plugins, &init_dynamic_plugins, NULL},

      {CONFIG_CN_USES_DN_SYNTAX_IN_DNS, config_set_cn_uses_dn_syntax_in_dns,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.cn_uses_dn_syntax_in_dns, CONFIG_ON_OFF,

-      (ConfigGetFunc)config_get_cn_uses_dn_syntax_in_dns, &init_cn_uses_dn_syntax_in_dns},

+      (ConfigGetFunc)config_get_cn_uses_dn_syntax_in_dns, &init_cn_uses_dn_syntax_in_dns, NULL},

  #if defined(LINUX)

      {CONFIG_MALLOC_MXFAST, config_set_malloc_mxfast,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.malloc_mxfast,

       CONFIG_INT, (ConfigGetFunc)config_get_malloc_mxfast,

-      &init_malloc_mxfast},

+      &init_malloc_mxfast, NULL},

      {CONFIG_MALLOC_TRIM_THRESHOLD, config_set_malloc_trim_threshold,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.malloc_trim_threshold,

       CONFIG_INT, (ConfigGetFunc)config_get_malloc_trim_threshold,

-      &init_malloc_trim_threshold},

+      &init_malloc_trim_threshold, NULL},

      {CONFIG_MALLOC_MMAP_THRESHOLD, config_set_malloc_mmap_threshold,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.malloc_mmap_threshold,

       CONFIG_INT, (ConfigGetFunc)config_get_malloc_mmap_threshold,

-      &init_malloc_mmap_threshold},

+      &init_malloc_mmap_threshold, NULL},

  #endif

      {CONFIG_IGNORE_TIME_SKEW, config_set_ignore_time_skew,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.ignore_time_skew,

-      CONFIG_ON_OFF, (ConfigGetFunc)config_get_ignore_time_skew, &init_ignore_time_skew},

+      CONFIG_ON_OFF, (ConfigGetFunc)config_get_ignore_time_skew, &init_ignore_time_skew, NULL},

      {CONFIG_GLOBAL_BACKEND_LOCK, config_set_global_backend_lock,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.global_backend_lock,

-      CONFIG_ON_OFF, (ConfigGetFunc)config_get_global_backend_lock, &init_global_backend_local},

+      CONFIG_ON_OFF, (ConfigGetFunc)config_get_global_backend_lock, &init_global_backend_local, NULL},

      {CONFIG_MAXSIMPLEPAGED_PER_CONN_ATTRIBUTE, config_set_maxsimplepaged_per_conn,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.maxsimplepaged_per_conn,

-      CONFIG_INT, (ConfigGetFunc)config_get_maxsimplepaged_per_conn, SLAPD_DEFAULT_MAXSIMPLEPAGED_PER_CONN_STR},

+      CONFIG_INT, (ConfigGetFunc)config_get_maxsimplepaged_per_conn, SLAPD_DEFAULT_MAXSIMPLEPAGED_PER_CONN_STR, NULL},

      {CONFIG_ENABLE_NUNC_STANS, config_set_enable_nunc_stans,

       NULL, 0,

       (void **)&global_slapdFrontendConfig.enable_nunc_stans,

-      CONFIG_ON_OFF, (ConfigGetFunc)config_get_enable_nunc_stans, &init_enable_nunc_stans},

+      CONFIG_ON_OFF, (ConfigGetFunc)config_get_enable_nunc_stans, &init_enable_nunc_stans, NULL},

      /* Audit fail log configuration */

      {CONFIG_AUDITFAILLOG_MODE_ATTRIBUTE, NULL,

       log_set_mode, SLAPD_AUDITFAIL_LOG,

       (void **)&global_slapdFrontendConfig.auditfaillog_mode,

-      CONFIG_STRING, NULL, SLAPD_INIT_LOG_MODE},

+      CONFIG_STRING, NULL, SLAPD_INIT_LOG_MODE, NULL},

      {CONFIG_AUDITFAILLOG_LOGROTATIONSYNCENABLED_ATTRIBUTE, NULL,

       log_set_rotationsync_enabled, SLAPD_AUDITFAIL_LOG,

       (void **)&global_slapdFrontendConfig.auditfaillog_rotationsync_enabled,

-      CONFIG_ON_OFF, NULL, &init_auditfaillog_rotationsync_enabled},

+      CONFIG_ON_OFF, NULL, &init_auditfaillog_rotationsync_enabled, NULL},

      {CONFIG_AUDITFAILLOG_LOGROTATIONSYNCHOUR_ATTRIBUTE, NULL,

       log_set_rotationsynchour, SLAPD_AUDITFAIL_LOG,